CVE-2017-9804
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-9804
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9804.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-9804
- Aliases
- Published
- 2017-09-20T17:29:00Z
- Modified
- 2024-09-03T02:00:56.243735Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
- References
-
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
- http://www.securityfocus.com/bid/100612
- http://www.securitytracker.com/id/1039261
- https://security.netapp.com/advisory/ntap-20180629-0001/
- https://struts.apache.org/docs/s2-050.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
Affected packages
Git / github.com/apache/struts
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/struts
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected